
akash.nu

macrumors G4
Original poster
May 26, 2016
So I experienced something recently and thought it would be good to share with you all.

I lost my credit card a couple of days ago and have since blocked the card and ordered a replacement. All existing services using that card stopped working automatically, as expected & I kept on receiving various payment failure messages.

Amazingly, Apple Pay continued to work and I've used it multiple times since blocking the card. Having thought it through, I think I understand why this is the case. In my opinion the reason is as simple as not using the actual card details for the Apple Pay transactions.

Essentially, when the transaction token is created and sent to the merchant and the merchant tries to verify with the bank, it all checks out because the physical card details don't come into the picture. This is of course why Apple Pay is always a more secure option of payment over direct card transactions.

I'm just wondering if this is the correct implementation of this technology or should Apple Pay stop working as well when a card is reported to be lost or stolen?!
 
It looks like others are reporting this as well: https://forums.macrumors.com/threads/apple-pay-auto-updates-new-card-number.1859889/

This likely happens because, when adding your card, you get a device-specific account number that is tied to your account but is only used for Apple Pay. Refer to the following, as it's described by Apple:

"Once your card is approved, your bank or your bank’s authorized service provider creates a device-specific Device Account Number, encrypts it, and sends it along with other data (such as the key used to generate dynamic security codes unique to each transaction) to Apple. Apple can’t decrypt it, but will add it to the Secure Element within your device. The Secure Element is an industry-standard, certified chip designed to store your payment information safely. The Device Account Number in the Secure Element is unique to your device and to each credit or debit card added. It’s isolated from iOS and watchOS, never stored on Apple Pay servers, and never backed up to iCloud. Because this number is unique and different from usual credit or debit card numbers, your bank can prevent its use on a magnetic stripe card, over the phone, or on websites."

https://support.apple.com/en-us/HT203027
 
This. Apple Pay is essentially a completely separate card linked to your account. Unless you close the account it will continue to work.
 
Cheers. Missed the details about that device specific token directly dealing with the bank bit.
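
A simplified issuer-side model of what the replies above describe, added here as an illustration and not taken from the thread, Apple, or any bank: one account holds a physical card credential and a separate Device Account Number, and a lost-card block touches only the first. The class names, sample numbers, and the HMAC standing in for the "dynamic security code" are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

@dataclass
class Credential:
    number: str            # constructed sample value, not a real number
    channel: str           # "card" (plastic/online) or "device" (Apple Pay)
    key: bytes = b""       # per-device key for dynamic security codes
    active: bool = True
    last_counter: int = 0  # highest transaction counter seen so far

def dynamic_code(key, number, counter):  # HMAC stand-in for the real code
    return hmac.new(key, f"{number}:{counter}".encode(), hashlib.sha256).digest()[:8]

@dataclass
class Account:
    is_open: bool = True
    creds: dict = field(default_factory=dict)

    def block_card(self):  # lost-card report suspends only the physical card
        for c in self.creds.values():
            c.active = c.active and c.channel != "card"

    def authorize(self, number, channel, counter=0, code=b""):
        c = self.creds.get(number)
        if not self.is_open or c is None or not c.active or c.channel != channel:
            return "declined"
        if c.channel == "device":
            expected = dynamic_code(c.key, number, counter)
            if counter <= c.last_counter or not hmac.compare_digest(code, expected):
                return "declined"  # replayed counter or wrong code
            c.last_counter = counter
        return "approved"

def lost_card_scenario():
    card = Credential("4000-CARD-SAMPLE", "card")
    dev = Credential("4000-DEVICE-SAMPLE", "device", key=b"constructed-demo-key")
    acct = Account(creds={card.number: card, dev.number: dev})
    pay = lambda n: acct.authorize(dev.number, "device", n, dynamic_code(dev.key, dev.number, n))
    out = {"card_before": acct.authorize(card.number, "card")}
    acct.block_card()
    out["card_after_block"] = acct.authorize(card.number, "card")
    out["device_after_block"] = pay(1)
    out["device_replay"] = pay(1)
    out["device_number_on_website"] = acct.authorize(dev.number, "card")
    acct.is_open = False
    out["device_after_close"] = pay(2)
    return out
```

Calling `lost_card_scenario()` returns the outcome of each step: the blocked card is declined while the device credential keeps working until the account itself is closed.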
 